@ansulev
Last active October 15, 2019 10:19
Getting a Perfect SSL Labs Score
# openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096
# vim /etc/nginx/nginx.conf
...
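ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# offer TLS 1.2 only
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
# 256-bit AES with ephemeral ECDH or DH key exchange; no anonymous suites
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# DH parameters generated by the openssl command above
ssl_dhparam ssl/dhparam.pem;
ssl_ecdh_curve secp384r1;
# HSTS for one year, plus clickjacking and MIME-sniffing protections
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;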
...
server {
    listen 443 ssl;
    # gzip should not be used with SSL: compressed TLS responses are exposed to BREACH-style attacks
    gzip off;
}
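
An added example, not part of the gist: a small shell audit that checks an nginx config file for the TLS directives listed above and reports each deviation. The function names, the one-directive-per-line parsing and the MIN_HSTS threshold are assumptions of this example.

```shell
# Added example, not part of the gist. Function names, one-directive-per-line
# parsing and MIN_HSTS (six months, in seconds) are assumptions of this example.
MIN_HSTS=15768000
# Print the arguments of the first occurrence of directive $2 in file $1.
directive() {
    sed 's/#.*//' "$1" | awk -v d="$2" '$1 == d {
        sub(/^[ \t]*[^ \t]+[ \t]+/, ""); sub(/[ \t]*;[ \t]*$/, ""); print; exit }'
}
# Print one FAIL line per deviation from the gist; succeed only if there are none.
audit_tls_conf() {
    conf=$1; fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
    protos=$(directive "$conf" ssl_protocols)
    [ -n "$protos" ] || fail "ssl_protocols not set"
    for p in $protos; do
        case $p in TLSv1.2|TLSv1.3) ;; *) fail "legacy protocol enabled: $p" ;; esac
    done
    case ":$(directive "$conf" ssl_ciphers):" in
        *":!aNULL:"*) ;; *) fail "ssl_ciphers does not exclude aNULL" ;;
    esac
    for d in ssl_prefer_server_ciphers ssl_stapling ssl_stapling_verify; do
        [ "$(directive "$conf" "$d")" = on ] || fail "$d is not on"
    done
    [ -n "$(directive "$conf" ssl_dhparam)" ] || fail "ssl_dhparam not set"
    [ "$(directive "$conf" gzip)" != on ] || fail "gzip is on"
    maxage=$(sed 's/#.*//' "$conf" |
        awk '$1 == "add_header" && tolower($2) == "strict-transport-security"' |
        sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p' | head -n 1)
    [ "${maxage:-0}" -ge "$MIN_HSTS" ] || fail "HSTS max-age missing or below $MIN_HSTS"
    [ "$fails" -eq 0 ]
}

# Constructed sample input: the TLS directives from the gist, written to file $1.
write_sample() {
    cat > "$1" <<'EOF'
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_stapling on;
ssl_stapling_verify on;
ssl_dhparam ssl/dhparam.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
server {
    gzip off;
}
EOF
}
tmp=$(mktemp) && write_sample "$tmp"
audit_tls_conf "$tmp" && echo "PASS: matches the gist's TLS settings"; rm -f "$tmp"
```

To audit a real file, call `audit_tls_conf /etc/nginx/nginx.conf`; only the first occurrence of each directive is inspected, so included files and per-server overrides need their own run.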